Anthropic and OpenAI are rolling out cyber-focused models that early users say are faster at analyzing code, chaining vulnerabilities, and generating working proof-of-concept exploits, though they are not yet dramatically more capable than prior generations. Anthropic's Mythos Preview reportedly completed 73% of expert-level cybersecurity tasks and, in some tests, a 32-step simulated attack from reconnaissance to network takeover. The article highlights a growing security risk as AI shifts cyber offense toward machine speed, with Cisco, Zscaler, and Semgrep already testing the tools internally.
The near-term equity implication is less about a step-change in model quality and more about a re-rating of the cyber budget cycle. If AI materially lowers the cost of finding, chaining, and validating vulnerabilities, enterprise buyers will have to spend more on detection, segmentation, red teaming, and incident response just to keep pace; that is structurally supportive for platform vendors that can monetize both prevention and workflow automation. CSCO and ZS look like early beneficiaries because they already sit inside customer environments and can turn these models into paid services faster than point products or standalone security startups. Second-order, the winner set likely extends beyond the obvious cyber names to identity, observability, and network control, since machine-speed lateral movement makes perimeter tools less sufficient and increases demand for east-west traffic inspection, privileged access controls, and continuous policy enforcement. The loser set includes smaller security vendors with narrow feature sets and high dependency on human analysts, because their differentiation erodes if a model can replicate much of the triage and proof-of-concept work. Over a 6-12 month horizon, the market may underappreciate how much of the spending shift is defensive automation rather than discretionary AI security, which tends to be stickier and less cyclical. The main contrarian risk is that the current excitement is ahead of monetization: these systems still need expert operators and unusually large compute/token budgets, so broad attacker adoption may lag headline capabilities by quarters. That creates a timing mismatch where security stocks can rerate on narrative before budgets actually inflect; if enterprise proofs of concept do not convert into ARR by the next 1-2 earnings cycles, the trade can fade. A second risk is that open-source replication compresses product differentiation quickly, which would shift value away from model vendors and toward distribution, data, and integrated workflows. The actionable setup is to own the scalable workflow winners and avoid pure-play AI-security hype names with limited go-to-market leverage. The best risk/reward is a medium-term long CSCO/ZS basket versus a short in smaller security software names that rely on manual triage and sell-point features, because AI increases the value of full-stack integration. For hedging, buy 3-6 month calls on CSCO or ZS into any post-announcement pullback, since customer adoption is likely to ramp faster than consensus models expect once red-team tooling becomes a budget line item.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
neutral
Sentiment Score
0.05
Ticker Sentiment
